Andy Greenberg of Forbes reports that the Safehouse site launched by The Wall Street Journal on Thursday for sources to provide documents and information has problems that would allow for those sources to be identified.
Greenberg writes, “But within hours, the security community was pointing to flaws in the site’s protections for anonymous leakers and the fine print of its policy for source protections that could give away the identities of would-be whistleblowers.
“‘Pro tip: if you’re going to create a document leaking website – have a clue!’ wrote security research Jacob Appelbaum in his Twitter feed.
“Appelbaum, a developer for the Tor anonymity network and a past volunteer for WikiLeaks, says that SafeHouse insecurely implements Secure Socket Layer (SSL) encryption, the protection meant to render any data passed between a user and a website unreadable. When a visitor goes to http://wsjsafehouse.com, for instance, that unencrypted site offers a link to the encrypted HTTPS version of the site. But Appelbaum points out that it doesn’t use a mechanism called Strict Transport Security to switch from the insecure to the encrypted connection. So any lurking man-in-the-middle on the user’s network can use a tool like SSL Strip to make it appear that he or she has entered the encrypted version of the site when in fact the traffic is unprotected.”
Read more here.
Former Business Insider executive editor Rebecca Harrington has been hired by Dynamo to be its…
Bloomberg Television has hired Brenda Kerubo as a desk producer in London. She will be covering Europe's…
In a meeting at CNBC headquarters Thursday afternoon, incoming boss Mark Lazarus presented a bullish…
Ritika Gupta, the BBC's North American business correspondent, was interviewed by Global Woman magazine about…
Rest of World has hired Kinling Lo as a China reporter. Lo was previously a…
Bloomberg News saw strong unique visitor growth to its website in October, passing Fox Business…